Labels

algorithms (22) Design Patterns (20) java (19) linux (14) Snippet (13) service mix (6) soa (4)

Cross-Site Scripting (XSS)

  • A web site may be vulnerable if there is a provision for a user to enter javascript through input fields and the inserted data is viewed by another webpage in HTML tags (not in TextArea or TextFields).
  • If there is such a case of displaying the data on a webpage, then the attacker can input the malicious script into database, which hijacks the cookie or session information when executed.
  • When we see the inputted data through another webpage - the script runs, collects the session info and passes the info to the attacker’s website.

An User can be tricked to click a hyperlink, which upon clicking inserts the script into application and executes in application domain bypassing the browser security restrictions.

Ex:

1) WebApp runs on http://webappdomain/webapp/ and a User is logged in.

2) From another website/email or from any other source, a user can be tricked to click the following url.

3) The hyperlink with script if clicked, can execute the script under the domain (webappdomain/webapp/).


<a href="”http://webappdomain/webapp/getdetails?clientno="1&station="1&code="1<SCRIPT">alert(’Hi’); </script>”>http://webappdomain/webapp/xxxx.jsp</a>



4) If the page, which is loaded by the above click, prints the parameter ‘code’ on the webpage, then the scripts gets injected into the webpage and executes.

Read Modify XML,using the getElementById

<strong>xml a.xml to parse </strong>

<books>
<book id="1">
<name>java
</name>
</book>
<book id="2">
<name>perl
</name>
</book>
<book id="3">
<name>java 2
</name>
</book>
</books>

the XSD where you specify the id so that getElementById method can be used
<!ELEMENT name (#PCDATA)>

<!--- Put your DTDDoc comment here. -->
<!ELEMENT book (name)*>
<!ATTLIST book id ID #REQUIRED >

<!--- Put your DTDDoc comment here. -->
<!ELEMENT books (book)*>

DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
//parse the xml file
Document doc = docBuilder.parse(new File("a.xml"));
doc.getElementById("1").getChildNodes().item(1).setTextContent("new book name");
Transformer transformer = TransformerFactory.newInstance().newTransformer(); StreamResult result = new StreamResult(new File("a.xml"));
//write the dom tree which is updated back to the same xml file
DOMSource source = new DOMSource(doc);
transformer.transform(source, result);

JDBC-API to connect to a DB

1)Load the Driver class

Class.forName("com.mysql.jdbc.Driver")
this will create an instance of Class for com.mysql.jdbc.Driver 

find the class file and get the binary data
Constructing the class from the binary data.

then the static block of which instantiates a new Driver of this class and registers with DriverManager

static {
try {
java.sql.DriverManager.registerDriver(new Driver());
} .......
}

//added to the drivers in the DriverManager
writeDrivers.addElement(di);
println("registerDriver: " + di);
readDrivers = (java.util.Vector) writeDrivers.clone();
2)Get the connection Object
for (int i = 0; i < drivers.size(); i++) { //iterates over all the drivers list
DriverInfo di = (DriverInfo)drivers.elementAt(i);

try {
println(" trying " + di);
Connection result = di.driver.connect(url, info);

result is the connection object.
Connection newConn = new com.mysql.jdbc.Connection(host(props),
port(props), props, database(props), url, this);

Connection is an interface which is implemented by the providers class

3)create a statement , and execute the query
/* Create a statement*/
Statement statement = connection.createStatement();

String query = "Select * from yourTABLE ";
ResultSet rs = statement.executeQuery(query);

Search 24 Bytes

Loading...